Safely remove and modify access-list via IPSEC Tunnel connection

e are moving to another ISP provider which results in changing our ip address configuration on our router interface. Interface 4 is connected currently to a cable modem going via ipsec tunnel.

interface FastEthernet4
 description Link to Cable Modem
 ip address 24.x.x.x 255.255.255.0
 ip mtu 1438
 load-interval 30
 duplex auto
 speed auto
 crypto map VPN

However, I will need to modify our access-list remotely. I know that if I remove the access-list, I will lose connectivity remotely. Can anyone suggest a safe way to do this properly? I will need to modify it but I know once the changes are pasted, I will lose connectivity. Any help?

Currently the access- list is as follows.

access-list 1 permit 24.x.x.x
access-list 1 permit 65.x.x.xx.x
access-list 1 remark SNMP and Remote Access
access-list 1 permit x.x.x.x
access-list 1 permit x.xx.x.x
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 1 permit 65.x.x.x 0.0.0.x
access-list 1 deny   any log
access-list 100 deny   ip any host x.x.x.x
access-list 100 deny   ip any host x.x.x.x
access-list 100 deny   ip any host x.x.x.x
access-list 100 permit ip any any
access-list 101 deny   ip any host 24.x.x.x
access-list 101 deny   ip any host x.x.x.x
access-list 101 deny   ip any host x.x.x.x
access-list 101 deny   ip any host 96.x.x.x.
access-list 101 permit ip any any

crypto map VPN 15 ipsec-isakmp
 set peer 65.x.x.x
 set transform-set 3DES-SHA
 set pfs group2
 match address 101
beaconmcseAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

nociSoftware EngineerCommented:
Can you create an alternative link (temporarily) then change the main link and after that remove the temporary?

You only need a small mixup to complety lock yourself out...
0
agonza07Commented:
Open up SSH temporarily on the outside interface. That way you don't have to depend on the VPN.

Also, do a "reload in 15" in case you lock yourself out, the router will reload in 15 min. Just make sure  not to save your changes.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DHCP

From novice to tech pro — start learning today.